Clean up _gcry_kdf_*() to remove unsupported KDFs.
Signed-off-by: Gary Lin <g...@suse.com>
---
conf/Makefile.extra-dist | 1 +
.../11-kdf-remove-unsupported-kdfs.patch | 166 ++++++++++++++++++
2 files changed, 167 insertions(+)
create mode 100644
grub-core/lib/libgcrypt-patches/11-kdf-remove-unsupported-kdfs.patch
diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist
index ac72a7ecf..abd4227e7 100644
--- a/conf/Makefile.extra-dist
+++ b/conf/Makefile.extra-dist
@@ -45,6 +45,7 @@ EXTRA_DIST +=
grub-core/lib/libgcrypt-patches/07_disable_64div.patch
EXTRA_DIST += grub-core/lib/libgcrypt-patches/08_sexp_leak.patch
EXTRA_DIST += grub-core/lib/libgcrypt-patches/09-blake2b-hash-buffers.patch
EXTRA_DIST += grub-core/lib/libgcrypt-patches/10-kdf-use-GPG-errs.patch
+EXTRA_DIST +=
grub-core/lib/libgcrypt-patches/11-kdf-remove-unsupported-kdfs.patch
EXTRA_DIST +=
grub-core/lib/libtasn1-patches/0001-libtasn1-disable-code-not-needed-in-grub.patch
EXTRA_DIST +=
grub-core/lib/libtasn1-patches/0002-libtasn1-replace-strcat-with-strcpy-in-_asn1_str_cat.patch
diff --git
a/grub-core/lib/libgcrypt-patches/11-kdf-remove-unsupported-kdfs.patch
b/grub-core/lib/libgcrypt-patches/11-kdf-remove-unsupported-kdfs.patch
new file mode 100644
index 000000000..06723201e
--- /dev/null
+++ b/grub-core/lib/libgcrypt-patches/11-kdf-remove-unsupported-kdfs.patch
@@ -0,0 +1,166 @@
+From f46f3dbd2e572a6610d651d14e9a3a8b27883c49 Mon Sep 17 00:00:00 2001
+From: Gary Lin <g...@suse.com>
+Date: Mon, 25 Aug 2025 16:00:17 +0800
+Subject: [PATCH 3/4] libgcrypt/kdf: Remove unsupported KDFs
+
+Clean up _gcry_kdf_*() to remove unsupported KDFs.
+
+Signed-off-by: Gary Lin <g...@suse.com>
+---
+ grub-core/lib/libgcrypt-grub/cipher/kdf.c | 119 ----------------------
+ 1 file changed, 119 deletions(-)
+
+diff --git a/grub-core/lib/libgcrypt-grub/cipher/kdf.c
b/grub-core/lib/libgcrypt-grub/cipher/kdf.c
+index 55294672b..6e825d3e8 100644
+--- a/grub-core/lib/libgcrypt-grub/cipher/kdf.c
++++ b/grub-core/lib/libgcrypt-grub/cipher/kdf.c
+@@ -816,64 +816,6 @@ _gcry_kdf_open (gcry_kdf_hd_t *hd, int algo, int subalgo,
+ key, keylen, ad, adlen);
+ break;
+
+- case GCRY_KDF_BALLOON:
+- if (!inputlen || !saltlen || keylen || adlen)
+- ec = GPG_ERR_INV_VALUE;
+- else
+- {
+- (void)key;
+- (void)ad;
+- ec = balloon_open (hd, subalgo, param, paramlen,
+- input, inputlen, salt, saltlen);
+- }
+- break;
+-
+- case GCRY_KDF_ONESTEP_KDF:
+- if (!inputlen || !paramlen || !adlen)
+- ec = GPG_ERR_INV_VALUE;
+- else
+- {
+- (void)salt;
+- (void)key;
+- ec = onestep_kdf_open (hd, subalgo, param, paramlen,
+- input, inputlen, ad, adlen);
+- }
+- break;
+-
+- case GCRY_KDF_ONESTEP_KDF_MAC:
+- if (!inputlen || !paramlen || !keylen || !adlen)
+- ec = GPG_ERR_INV_VALUE;
+- else
+- {
+- (void)salt;
+- ec = onestep_kdf_mac_open (hd, subalgo, param, paramlen,
+- input, inputlen, key, keylen, ad, adlen);
+- }
+- break;
+-
+- case GCRY_KDF_HKDF:
+- if (!inputlen || !paramlen)
+- ec = GPG_ERR_INV_VALUE;
+- else
+- {
+- (void)salt;
+- ec = hkdf_open (hd, subalgo, param, paramlen,
+- input, inputlen, key, keylen, ad, adlen);
+- }
+- break;
+-
+- case GCRY_KDF_X963_KDF:
+- if (!inputlen || !paramlen)
+- ec = GPG_ERR_INV_VALUE;
+- else
+- {
+- (void)salt;
+- (void)key;
+- ec = x963_kdf_open (hd, subalgo, param, paramlen,
+- input, inputlen, ad, adlen);
+- }
+- break;
+-
+ default:
+ ec = GPG_ERR_UNKNOWN_ALGORITHM;
+ break;
+@@ -893,26 +835,6 @@ _gcry_kdf_compute (gcry_kdf_hd_t h, const struct
gcry_kdf_thread_ops *ops)
+ ec = argon2_compute ((argon2_ctx_t)(void *)h, ops);
+ break;
+
+- case GCRY_KDF_BALLOON:
+- ec = balloon_compute_all ((balloon_ctx_t)(void *)h, ops);
+- break;
+-
+- case GCRY_KDF_ONESTEP_KDF:
+- ec = onestep_kdf_compute ((onestep_kdf_ctx_t)(void *)h, ops);
+- break;
+-
+- case GCRY_KDF_ONESTEP_KDF_MAC:
+- ec = onestep_kdf_mac_compute ((onestep_kdf_mac_ctx_t)(void *)h, ops);
+- break;
+-
+- case GCRY_KDF_HKDF:
+- ec = hkdf_compute ((hkdf_ctx_t)(void *)h, ops);
+- break;
+-
+- case GCRY_KDF_X963_KDF:
+- ec = x963_kdf_compute ((x963_kdf_ctx_t)(void *)h, ops);
+- break;
+-
+ default:
+ ec = GPG_ERR_UNKNOWN_ALGORITHM;
+ break;
+@@ -933,27 +855,6 @@ _gcry_kdf_final (gcry_kdf_hd_t h, size_t resultlen, void
*result)
+ ec = argon2_final ((argon2_ctx_t)(void *)h, resultlen, result);
+ break;
+
+- case GCRY_KDF_BALLOON:
+- ec = balloon_final ((balloon_ctx_t)(void *)h, resultlen, result);
+- break;
+-
+- case GCRY_KDF_ONESTEP_KDF:
+- ec = onestep_kdf_final ((onestep_kdf_ctx_t)(void *)h, resultlen,
result);
+- break;
+-
+- case GCRY_KDF_ONESTEP_KDF_MAC:
+- ec = onestep_kdf_mac_final ((onestep_kdf_mac_ctx_t)(void *)h,
+- resultlen, result);
+- break;
+-
+- case GCRY_KDF_HKDF:
+- ec = hkdf_final ((hkdf_ctx_t)(void *)h, resultlen, result);
+- break;
+-
+- case GCRY_KDF_X963_KDF:
+- ec = x963_kdf_final ((x963_kdf_ctx_t)(void *)h, resultlen, result);
+- break;
+-
+ default:
+ ec = GPG_ERR_UNKNOWN_ALGORITHM;
+ break;
+@@ -971,26 +872,6 @@ _gcry_kdf_close (gcry_kdf_hd_t h)
+ argon2_close ((argon2_ctx_t)(void *)h);
+ break;
+
+- case GCRY_KDF_BALLOON:
+- balloon_close ((balloon_ctx_t)(void *)h);
+- break;
+-
+- case GCRY_KDF_ONESTEP_KDF:
+- onestep_kdf_close ((onestep_kdf_ctx_t)(void *)h);
+- break;
+-
+- case GCRY_KDF_ONESTEP_KDF_MAC:
+- onestep_kdf_mac_close ((onestep_kdf_mac_ctx_t)(void *)h);
+- break;
+-
+- case GCRY_KDF_HKDF:
+- hkdf_close ((hkdf_ctx_t)(void *)h);
+- break;
+-
+- case GCRY_KDF_X963_KDF:
+- x963_kdf_close ((x963_kdf_ctx_t)(void *)h);
+- break;
+-
+ default:
+ break;
+ }
+--
+2.43.0
+
--
2.43.0
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
